Compare commits
56 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 khwezi
|
a185fe5e80 | ||
 Khwezi Mngoma
|
24c8f81391 | ||
|
khwezi
|
d38272d58a | ||
|
Khwezi Mngoma
|
d219a7727f | ||
|
khwezi
|
80f40cb99f | ||
|
Khwezi Mngoma
|
8cdcaa55e9 | ||
|
khwezi
|
66dd7c4b14 | ||
|
Khwezi Mngoma
|
7125f5b909 | ||
|
khwezi
|
b7c30fbfb5 | ||
|
Khwezi Mngoma
|
6f913ce9d4 | ||
|
khwezi
|
5c7ef3525f | ||
|
Khwezi Mngoma
|
86da0d843e | ||
|
khwezi
|
59710e32a6 | ||
|
Khwezi Mngoma
|
5190fcaa17 | ||
|
khwezi
|
d0afc4f748 | ||
|
Khwezi Mngoma
|
9a96c0ad0c | ||
|
khwezi
|
8cdfba58fd | ||
|
Khwezi Mngoma
|
41e1c9da4c | ||
|
khwezi
|
01d3aa90ea | ||
|
Khwezi Mngoma
|
c3981fd859 | ||
|
khwezi
|
8cc4425dfb | ||
|
Khwezi Mngoma
|
60579c6230 | ||
|
Khwezi Mngoma
|
f3478270fb | ||
|
khwezi
|
1039f6f2d5 | ||
|
Khwezi Mngoma
|
765eee2060 | ||
|
khwezi
|
ee250a18f0 | ||
|
Khwezi Mngoma
|
5972f8906b | ||
|
khwezi
|
b90c6381a0 | ||
|
Khwezi Mngoma
|
c65398bdf6 | ||
|
khwezi
|
2958ca8c00 | ||
|
Khwezi Mngoma
|
e546b3e7ff | ||
|
khwezi
|
1132ba0401 | ||
|
Khwezi Mngoma
|
5e119818bb | ||
|
khwezi
|
181056d70d | ||
|
Khwezi Mngoma
|
c01a02ee97 | ||
|
khwezi
|
dfb5ce8a4b | ||
|
Khwezi Mngoma
|
36b2f365d9 | ||
|
khwezi
|
9bff28cec2 | ||
|
Khwezi Mngoma
|
c76438b881 | ||
|
khwezi
|
857173af25 | ||
|
Khwezi Mngoma
|
e29c1ef6fc | ||
|
khwezi
|
c8a4a4cb17 | ||
|
Khwezi Mngoma
|
56e002875e | ||
|
khwezi
|
d485e78498 | ||
|
Khwezi Mngoma
|
ba3f8f6f9b | ||
|
khwezi
|
815470ab07 | ||
|
Khwezi Mngoma
|
16a2516816 | ||
|
khwezi
|
8842d92b9b | ||
|
Khwezi Mngoma
|
fc25d7ea40 | ||
|
Khwezi Mngoma
|
8d8c1436f6 | ||
|
khwezi
|
0c14872602 | ||
|
Khwezi Mngoma
|
d0ec655085 | ||
|
khwezi
|
3e23217eb4 | ||
|
Khwezi Mngoma
|
17d2ac409b | ||
|
Khwezi Mngoma
|
2d5614c504 | ||
|
Khwezi Mngoma
|
5bb7c4a959 |
@@ -31,6 +31,8 @@ steps:
|
||||
registry: nexus.khongisa.co.za
|
||||
repo: nexus.khongisa.co.za/midrandbooks-api
|
||||
tags: [ latest, "1.${DRONE_BUILD_NUMBER}" ]
|
||||
use_cache: true
|
||||
cache_from: nexus.khongisa.co.za/midrandbooks-api:latest
|
||||
custom_labels:
|
||||
- org.opencontainers.image.source=https://gitea.khongisa.co.za/litecharms/midrandbooks-api
|
||||
- org.opencontainers.image.version=1.${DRONE_BUILD_NUMBER}
|
||||
|
||||
@@ -14,8 +14,8 @@
|
||||
<PackageReference Include="IdentityModel.AspNetCore.OAuth2introspection" Version="6.2.0" />
|
||||
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
|
||||
<PackageReference Include="IdentityModel" Version="6.2.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.9" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.9" />
|
||||
</ItemGroup>
|
||||
|
||||
<!-- Health Checks -->
|
||||
@@ -39,8 +39,8 @@
|
||||
|
||||
<!-- API Documentation -->
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.8" />
|
||||
<PackageReference Include="Scalar.AspNetCore" Version="2.14.14" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.9" />
|
||||
<PackageReference Include="Scalar.AspNetCore" Version="2.16.3" />
|
||||
|
||||
<Using Include="Scalar.AspNetCore" />
|
||||
<Using Include="Microsoft.OpenApi" />
|
||||
@@ -54,13 +54,13 @@
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="LiteCharms.Features" Version="1.68.0" />
|
||||
<PackageReference Include="LiteCharms.Features" Version="1.137.0" />
|
||||
</ItemGroup>
|
||||
|
||||
<!-- UI -->
|
||||
<ItemGroup>
|
||||
<PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
|
||||
<PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.68.0" />
|
||||
<PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.137.0" />
|
||||
|
||||
<!-- Global Usings -->
|
||||
<Using Include="Blazored.Toast.Services" />
|
||||
@@ -89,6 +89,8 @@
|
||||
<Using Include="System.Web" />
|
||||
<Using Include="System.Diagnostics" />
|
||||
<Using Include="System.Reflection" />
|
||||
<Using Include="Microsoft.AspNetCore.Mvc" />
|
||||
<Using Include="System.ComponentModel.DataAnnotations" />
|
||||
<Using Include="Microsoft.Extensions.DependencyInjection.Extensions" />
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
+21
-21
@@ -4,31 +4,25 @@ using LiteCharms.Features.Extensions;
|
||||
using LiteCharms.Features.MidrandBooks.Payments;
|
||||
using LiteCharms.Features.MidrandBooks.Payments.Events;
|
||||
using LiteCharms.Features.MidrandBooks.Payments.Models;
|
||||
using LiteCharms.Features.Quartz.Abstractions;
|
||||
using static LiteCharms.Features.Extensions.Api;
|
||||
|
||||
namespace MidrandBooksApi.Payments.Endpoints;
|
||||
namespace MidrandBooksApi.Payments.Payfast;
|
||||
|
||||
[ApiVersionTarget(1)]
|
||||
public sealed class ConfirmationEndpoint : IEndpoint
|
||||
public sealed class PayfastConfirmationEndpoint : IEndpoint
|
||||
{
|
||||
private static readonly ActivitySource PaymentActivitySource = new("MidrandBooksApi.Payments");
|
||||
|
||||
public void Map(IEndpointRouteBuilder builder)
|
||||
{
|
||||
builder.MapPost("payments/payfast/confirm", async (HttpRequest request, PayfastService payfastService,
|
||||
IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment, CancellationToken cancellationToken) =>
|
||||
IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment,
|
||||
ILogger<PayfastConfirmationEndpoint> logger, CancellationToken cancellationToken) =>
|
||||
{
|
||||
using Activity? activity = PaymentActivitySource.StartActivity("ReceivePayfastWebhook", ActivityKind.Server);
|
||||
|
||||
activity?.SetTag("messaging.system", "payfast");
|
||||
activity?.SetTag("messaging.destination.name", "payments/confirm");
|
||||
|
||||
string? remoteIp = request.HttpContext.Connection.RemoteIpAddress?.ToString();
|
||||
|
||||
var ipValidation = await payfastService.ValidateReferrerIpAsync(remoteIp!, !hostEnvironment.IsProduction(), cancellationToken);
|
||||
|
||||
if (ipValidation.IsFailed || !ipValidation.Value) return Results.Unauthorized();
|
||||
activity?.SetTag("messaging.destination.name", "payments/payfast/confirm");
|
||||
|
||||
var formCollection = await request.ReadFormAsync(cancellationToken);
|
||||
|
||||
@@ -38,36 +32,42 @@ public sealed class ConfirmationEndpoint : IEndpoint
|
||||
string incomingSignature = signatureValues.ToString().Trim();
|
||||
var payload = ParseForm(formCollection, incomingSignature);
|
||||
|
||||
var paramDictionary = payload.ToParamDictionary();
|
||||
string? passphrase = configuration["HasherSettings:PayfastPassphrase"];
|
||||
string? passphrase = configuration["PayfastSettings:Passphrase"];
|
||||
|
||||
var signatureCheck = PayfastService.GenerateSignature(paramDictionary, passphrase);
|
||||
if (!PayfastService.VerifyIncomingSignatureFromForm(formCollection, passphrase!))
|
||||
{
|
||||
logger.LogCritical($"Incoming signature failed validation: {incomingSignature}");
|
||||
|
||||
if (signatureCheck.IsFailed || !string.Equals(signatureCheck.Value, incomingSignature, StringComparison.OrdinalIgnoreCase))
|
||||
return Results.Unauthorized();
|
||||
}
|
||||
|
||||
var formPairs = formCollection.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString())}");
|
||||
var sortedPairs = formCollection
|
||||
.Where(kvp => !kvp.Key.Equals("signature", StringComparison.OrdinalIgnoreCase))
|
||||
.OrderBy(kvp => kvp.Key, StringComparer.Ordinal)
|
||||
.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString().Trim())}");
|
||||
|
||||
string rawQueryParamString = string.Join("&", formPairs);
|
||||
string rawQueryParamString = string.Join("&", sortedPairs);
|
||||
|
||||
bool isSandbox = !hostEnvironment.IsProduction();
|
||||
|
||||
var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawQueryParamString, isSandbox, cancellationToken);
|
||||
|
||||
if (serverConfirmation.IsFailed || !serverConfirmation.Value)
|
||||
{
|
||||
logger.LogCritical($"Payfast server validation ping rejected the request data: {rawQueryParamString}");
|
||||
|
||||
return Results.Unauthorized();
|
||||
}
|
||||
|
||||
var notification = PayfastPaymentConfirmationReceivedEvent.Create(payload, payload.MerchantPaymentId!,
|
||||
allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false); // Set to false because comprehensive checks are completed inline above
|
||||
allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false);
|
||||
|
||||
await jobOrchestrator.SendAsync(notification, cancellationToken);
|
||||
|
||||
activity?.SetStatus(ActivityStatusCode.Ok);
|
||||
|
||||
return Results.Ok();
|
||||
})
|
||||
.WithDescription("Securely confirm and process an incoming Payfast merchant payment callback.")
|
||||
.WithName(typeof(ConfirmationEndpoint).ToEndpointName())
|
||||
.WithName(typeof(PayfastConfirmationEndpoint).ToEndpointName())
|
||||
.MapToApiVersion(new ApiVersion(1))
|
||||
.Produces(StatusCodes.Status200OK)
|
||||
.Produces(StatusCodes.Status400BadRequest)
|
||||
@@ -11,10 +11,8 @@ builder.Services.AddEndpointsApiExplorer();
|
||||
builder.Services.AddEndpoints(Assembly.GetExecutingAssembly());
|
||||
builder.Services.AddApiServices(builder.Configuration);
|
||||
|
||||
builder.Services.AddAuthorization();
|
||||
builder.Services.AddAuthentication();
|
||||
|
||||
builder.Services.AddMediator();
|
||||
builder.Services.AddLiteCharmsApiSecurity(builder.Configuration);
|
||||
|
||||
builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(TelemetryPipelineBehavior<,>));
|
||||
builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(LoggingPipelineBehavior<,>));
|
||||
@@ -24,7 +22,9 @@ builder.Services.AddQuartzSchedulerClient(MidrandShopSchedulerName, builder.Conf
|
||||
builder.Services.AddEmailServices(builder.Configuration);
|
||||
builder.Services.AddEmailServiceBus();
|
||||
|
||||
builder.Services.AddHttpClient();
|
||||
builder.Services.AddShopServices();
|
||||
builder.Services.AddPayfastServices(builder.Configuration);
|
||||
builder.Services.AddHashServices(builder.Configuration);
|
||||
builder.Services.AddMidrandShopDatabase(builder.Configuration);
|
||||
|
||||
|
||||
@@ -1,13 +1,20 @@
|
||||
{
|
||||
"ValidPayfastHosts": [
|
||||
"www.payfast.co.za",
|
||||
"sandbox.payfast.co.za",
|
||||
"w1w.payfast.co.za",
|
||||
"w2w.payfast.co.za",
|
||||
"ips.payfast.co.za",
|
||||
"api.payfast.co.za",
|
||||
"payment.payfast.io"
|
||||
],
|
||||
"PayfastSettings": {
|
||||
"CheckoutUrl": "https://sandbox.payfast.co.za/eng/process",
|
||||
"ValidHosts": [
|
||||
"www.payfast.co.za",
|
||||
"sandbox.payfast.co.za",
|
||||
"w1w.payfast.co.za",
|
||||
"w2w.payfast.co.za",
|
||||
"ips.payfast.co.za",
|
||||
"api.payfast.co.za",
|
||||
"payment.payfast.io"
|
||||
]
|
||||
},
|
||||
"LiteCharmsSettings": {
|
||||
"Authority": "https://sts.security.khongisa.co.za",
|
||||
"Audience": "midrandbooks-api"
|
||||
},
|
||||
"HasherSettings": {
|
||||
"MinHashLength": 11
|
||||
},
|
||||
@@ -18,7 +25,6 @@
|
||||
"CdnBaseUrl": "https://bookshop.cdn.khongisa.co.za"
|
||||
},
|
||||
"Monitoring": {
|
||||
"ApiKey": "",
|
||||
"Address": "http://aspire-dashboard-service.aspire.svc.cluster.local:18889",
|
||||
"ServiceName": "MidrandBooks.DEV"
|
||||
},
|
||||
|
||||
+13
-60
@@ -19,28 +19,14 @@ data:
|
||||
BookshopS3Settings__Region: "garage"
|
||||
BookshopS3Settings__BucketName: "bookshop"
|
||||
BookshopS3Settings__CdnBaseUrl: "https://bookshop.cdn.khongisa.co.za"
|
||||
ValidPayfastHosts__0: "www.payfast.co.za"
|
||||
ValidPayfastHosts__1: "sandbox.payfast.co.za"
|
||||
ValidPayfastHosts__2: "w1w.payfast.co.za"
|
||||
ValidPayfastHosts__3: "w2w.payfast.co.za"
|
||||
ValidPayfastHosts__4: "ips.payfast.co.za"
|
||||
ValidPayfastHosts__5: "api.payfast.co.za"
|
||||
ValidPayfastHosts__6: "payment.payfast.io"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: midrandbooksapi-secrets
|
||||
namespace: midrandbooksapi-uat
|
||||
type: Opaque
|
||||
data:
|
||||
connection-string: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPW1pZHJhbmRzaG9wLWRldjtVc2VybmFtZT1taWRyYW5kc2hvcC1kZXYtdXNlcjtQYXNzd29yZD1hUFh5a0tnM3RTOWNtRDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZQ==
|
||||
connection-string-quartz: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPXNjaGVkdWxlci1kZXY7VXNlcm5hbWU9c2NoZWR1bGVyLWRldi11c2VyO1Bhc3N3b3JkPWtWVm1vV0tKM3h6Z1FYO1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVl
|
||||
aspire-apikey: bWMzRzYzSzJqNVpPRXNpMEFqTW9qTFRYbTFLRVpGY3R6SUlqU3dEaVRHdXQ4cUdTa1B1V3d4R1AxUmJzY0pVbw==
|
||||
hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=
|
||||
hasher-payfastpassphrase: OUdBSVIwdFdwaFgwcU8=
|
||||
bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
|
||||
bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
|
||||
PayfastSettings__CheckoutUrl: "https://sandbox.payfast.co.za/eng/process"
|
||||
PayfastSettings__ValidHosts__0: "www.payfast.co.za"
|
||||
PayfastSettings__ValidHosts__1: "sandbox.payfast.co.za"
|
||||
PayfastSettings__ValidHosts__2: "ips.payfast.co.za"
|
||||
PayfastSettings__ValidHosts__3: "api.payfast.co.za"
|
||||
PayfastSettings__ValidHosts__4: "payment.payfast.io"
|
||||
LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
|
||||
LiteCharmsSettings__Audience: "midrandbooks-api"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
@@ -61,6 +47,7 @@ metadata:
|
||||
namespace: midrandbooksapi-uat
|
||||
spec:
|
||||
replicas: 2
|
||||
revisionHistoryLimit: 0
|
||||
selector:
|
||||
matchLabels:
|
||||
app: midrandbooks-api
|
||||
@@ -92,42 +79,8 @@ spec:
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: midrandbooksapi-config
|
||||
env:
|
||||
- name: BookshopS3Settings__AccessKey
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: midrandbooksapi-secrets
|
||||
key: bookshop-s3-accesskey
|
||||
- name: BookshopS3Settings__SecretKey
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: midrandbooksapi-secrets
|
||||
key: bookshop-s3-secretkey
|
||||
- name: HasherSettings__Salt
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: midrandbooksapi-secrets
|
||||
key: hasher-salt
|
||||
- name: HasherSettings__PayfastPassphrase
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: midrandbooksapi-secrets
|
||||
key: hasher-payfastpassphrase
|
||||
- name: ConnectionStrings__PostgresScheduler
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: midrandbooksapi-secrets
|
||||
key: connection-string-quartz
|
||||
- name: ConnectionStrings__PostgresMidrandBooks
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: midrandbooksapi-secrets
|
||||
key: connection-string
|
||||
- name: Monitoring__ApiKey
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: midrandbooksapi-secrets
|
||||
key: aspire-apikey
|
||||
- secretRef:
|
||||
name: midrandbooksapi-secrets
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /app/wwwroot/content
|
||||
@@ -136,8 +89,8 @@ spec:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 15
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
|
||||
Reference in New Issue
Block a user